Email server on a thin client

Thin Client May 19, 2020

I have successfully turned my underpowered Futro S550-2 thin client into a very capable email server. The setup involved software installations, DNS and firewall configuration, and an additional SMTP relay service since the outbound connections on port 25 are blocked by my ISP.

Know your limits

To spare you the time, I will start with the limitations. By using the free tiers of the software and services involved in the process, there are of course some limits that you should know about:

Axigen free mail server limits
5 domains, 5 users, 5 groups
SocketLabs free plan (for SMTP relay)
2000 mails per month

If you don't have the port 25 blocked by your ISP, you don't need the SMTP relay. To test if it's the case, use the following command on the server:

telnet 173.194.76.27 25

If the outcome of the telnet command is like the following, then you have to use an SMTP relay service.

Trying 173.194.76.27...
telnet: Unable to connect to remote host: Connection refused

Use Google to search for one that suits you. I went ahead with the one provided by SocketLabs, since it was fast to set up and the 2000 emails per month for the free plan are plenty for my use. Note the 4.883 GB Bandwidth associated with the 2k emails.

The included bandwidth is based on 128 kilobytes per message included on your Order. If the total size of your messages for the month exceeds 128 kilobytes multiplied by the base number of messages included on your Order per month, you will be billed for the extra bandwidth overage at a rate of ten U.S. dollars ($10) per gigabyte.

Final software stack

Linux server: Ubuntu Server 20.04 LTS
Email server: Axigen's Free Mail Server
SMTP relay: SocketLabs (optional)

DNS Settings

Once I have everything installed, I had to configure my DNS to take into account the mailing part. That's done by adding two additional records. An A record with Host = mail and Value = your IP address, like this:

Example of DNS A record for mail server

And now the MX record, Host = @ and Value = your hostname

The DNS MX record

Since you are configuring your DNS, take the time to add a new TXT record to your domain _dmarc.your.domain with the following value: v=DMARC1; p=none

My DMARC TXT record
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.

DKIM and SPF are already in place, provided by the SocketLabs server. Read more about DMARC here. I'm using mail-tester.com to test the server, and if everything's good, you'll have the following result:

mail-tester.com result

But you're not there yet, since your firewall doesn't allow the email ports to communicate with the outside world. Let's take care of that.

Firewall Settings

So open pfsense admin GUI and head to Firewall / NAT / Port Forward. You have to create a new rule, as the one in the screenshot below:

pfsense rule for NAT of the mail server ports

Notice that I'm using aliases, the mailserver has the IP address of the mail server and the mailports has the ports 25, 465, and 993. Test the rule using whatsmyip.com port scanner.

Axigen Settings

If you have problems sending emails, and the telnet check on port 25 fails, you have to rely on using an SMTP relay with a provider like SocketLabs. Instructing Axigen to use this smart host delivery is done in the Message Routing Settings / Routing Basic Settings:

Axigen configured to use Delivery through smart host

Select Deliver through smart host and set the Host with smtp.socketlabs.com and for the port use 587. That means you are no longer using 25 for the outbound mails, that your ISP is blocking.

Final Thoughts

I'm sure that you can do the same using postman, but since I'm the only user and the features of Axigen are way beyond my needs, I will continue to use this setup.

If you noticed, in the pfsense port alias I didn't expose the WebMail interface, but since it's very well done and modern, I'm using it internally on my network. Just take a look:

Axigen WebMail 10.3.1.10

Did I mention it's made in Romania? Well done guys, wonderful job!

So there you have it! A little thin client that's doing a great job of being an email server! If you send me an email and I still have some bandwidth left on SocketLab, I will respond :) Otherwise use the comments below if you feel chatty.

Radu

Since there's no place like 127.0.0.1, I try my best to keep it up to date and add network services using various (mostly old and cheap) network devices.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.